Alternatively don’t do anything like this and setup 2FA for your NPM account to prevent malicious publishes in the event of a compromise.

Another pleasant side effect is that 2FA prevents accidental publishes too.